Closed dependabot[bot] closed 2 months ago
Checkmarx One – Scan Summary & Details – cadfc0fa-87e1-4ed1-945f-2d915d0305ae
| Policy Name | Rule(s) | Break Build |
|---|---|---|
| [SAST-ML0] Not allowed NEW Sast vulnerabilities | | true |

| Severity | Issue | Source File / Package | Checkmarx Insight |
|---|---|---|---|
| | Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: 34 | Attack Vector |
| | Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: 34 | Attack Vector |
| | Cleartext_Submission_of_Sensitive_Information | /src/main/java/com/checkmarx/jenkins/tools/ProxyHttpClient.java: 34 | Attack Vector |

| Severity | Issue | Source File / Package |
|---|---|---|
| | Unpinned Actions Full Length Commit SHA | /ci.yml: 40 |
| | Unpinned Actions Full Length Commit SHA | /manual-tag.yml: 23 |
| | Unpinned Actions Full Length Commit SHA | /release.yml: 42 |
| | Unpinned Actions Full Length Commit SHA | /release.yml: 53 |
| | Unpinned Actions Full Length Commit SHA | /cd.yml: 24 |
| | Unpinned Actions Full Length Commit SHA | /cd.yml: 17 |
| | Unpinned Actions Full Length Commit SHA | /cd.yml: 55 |
| | Unpinned Actions Full Length Commit SHA | /cd.yml: 34 |

Bumps io.jenkins.tools.incrementals:git-changelist-maven-extension from 1.7 to 1.8.
Release notes
Sourced from io.jenkins.tools.incrementals:git-changelist-maven-extension's releases.
Commits
- 04ecce1 [maven-release-plugin] prepare release parent-1.8
- 941aabd Merge pull request #104 from basil/reproducible
- 0930bde Support for Maven reproducible builds
- e33d6fc Bump s4u/setup-maven-action from 1.11.0 to 1.12.0 (#97)
- 535bf79 Bump io.jenkins.tools:central-repository-pom from 1.2 to 1.3 (#96)
- afac340 Merge pull request #94 from jenkinsci/dependabot/github_actions/release-draft...
- d6d1cd2 Merge pull request #95 from jenkinsci/dependabot/maven/junit.version-5.10.2
- b209599 Bump junit.version from 5.10.1 to 5.10.2
- 3f167d0 Bump release-drafter/release-drafter from 5 to 6
- a9b0626 Add goal prefix (#93)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show